PayPal Logo

Privacy and cookies policy

Price:  £17.50(Inc. 20% VAT)(£14.58 Exc. VAT)

A privacy and cookies policy template in continuous development by SEQ Legal since 2007, and used on hundreds of thousands of websites.

Most modern websites collect personal information and use cookies. Accordingly, most website operators will need to comply with data protection and cookie laws. The purpose of this privacy and cookies policy is to help you to comply with those laws. Failure to comply can lead to both civil liability and criminal law penalties.

There are four different versions of the template.

  1. General: this is the most flexible version of the policy, and the other versions are all based on this one. A copy is included in our business pack.
  2. Online shop: for websites selling goods online. This version is included in our online shop pack.
  3. Social networking: for social networks and similar websites. A copy of this version is included in our social networking pack.
  4. Lead generation: for websites that gather lead information that is passed to third party suppliers.

General privacy and cookies policy

This privacy and cookies policy template was created by combining the provisions of our privacy policy with those of our cookies policy. The template is divided into three parts.

  • The first part of the template is concerned with the collection, storage and use of personal data, and is designed to aid compliance with the disclosure requirements of the Data Protection Act 1998.
  • The second part of the template covers the use of cookies by a website, and is designed to aid compliance with the disclosure requirements of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as variously amended).
  • The third and final part of the template should be used for disclosing information (eg contact details) about the website operator.

The template is designed for websites that collect standard kinds of personal data for standard kinds of use. It may be unsuitable or insufficient for websites which collect sensitive personal data (such as information relating to a person's health, sexuality, ethnicity or politics) or which collect personal information from children or about children.

Policy for online shops

This version of the privacy and cookies policy has been adapted for online shops: websites selling products to the public and to businesses. It covers the typical types of disclosure that an online shop will need to make, answering such questions as:

  • What personal data is held as account data?
  • How are payment details processed?
  • What marketing rights will the website operator have in relation to customers?

Policy for social networking websites

Social network services typically process large amounts of sometimes sensitive personal information. For this reason, social network users expect website privacy policies and practices to be fair, and a conscientious few even read them. For some users, unfair policies and practices may be enough to turn them away from a website or service. This version of our privacy and cookies policy is an adapted version of the general policy, incorporating those edits that will typically be required for a social networking website.

Policy for lead generation websites

The process of generating leads for third party suppliers necessarily involves the collection and handling of personal details: names, contact details, details of products or services, and so on. To ensure that such personal details can be lawfully passed on to third party suppliers, the website operator should disclose information about the process. This document will help you to do just that. In addition to terms dealing specifically with lead generation, this document includes standard privacy policy and cookie policy clauses.

Part 1: Personal data

  1. Introduction
  2. Collecting personal information
  3. Using your personal information
  4. Disclosing personal information
  5. International data transfers
  6. Retaining personal information
  7. Security of your personal information
  8. Amendments
  9. Your rights
  10. Third party websites
  11. Updating information

Part 2: Cookies

  1. About cookies
  2. Our cookies
  3. Analytics cookies
  4. Third party cookies
  5. Blocking cookies
  6. Deleting cookies
  7. Cookie preferences

Part 3: Contact information

  1. Data protection registration
  2. Our details

Privacy and cookies policy (general version) data

  • Template length: 8 pages
  • Editing notes length: 8 pages
  • Author: Alasdair Taylor
  • Last updated: 25 September 2014

I manage a range of different websites, including ecommerce stores, social networking sites and forums. Can the general version of this template be used on all these different types of website?

The relevant rules on disclosures are the same across different types of website. For example, you need to tell users about what you do with their personal details. This template covers the general rules on disclosure, with specific suggested text for the different types of website you mention.

Many different possible uses of personal details are listed in the template, including:

  • sending statements and invoices to the customer;
  • enabling the use of website services; and
  • publishing information on the website.

So, in respect of the different websites that you operate, you will need to delete/edit different clauses. In some cases you may need to add a clause to clarify exactly what it is you do. The template prompts you where you need to do so. This should be relatively straightforward - it is a factual rather than a legal matter.

Does this template included a section concerning the collection of email addresses for use in marketing?

Yes it does, although you cannot necessarily rely upon a section in a privacy and cookies policy to generate adequate consent for such marketing. Such disclosures are necessary, but not necessarily sufficient.

Can I use this template in respect of a website based outside the UK?

All four versions of this template privacy and cookies policy are designed for use by businesses based in the UK. Although the UK data protection regime derives from EU law, there are differences in how that EU law has been implemented in the different member states of the EU.

Does the privacy and cookies document need editing?

Yes, you will need to edit the template, to ensure that it reflects the practices of your business and website in relation to both personal information and cookies. You should regularly review your policy to ensure that it remains up to date, both with respect to the law and to your business's use of personal data.

I need to pass on personal information of customers to our payment services provider. Is this covered?

The privacy and cookies policy includes a suitable disclosure, with specific reference to PayPal, although another PSP can easily be substituted.

I'm designing a client's new company website and was looking if this privacy and cookies policy would be enough or if my client should consider any other policies, such as website T&Cs?

Privacy and cookies policies, and website T&Cs, have quite different purposes.

  • Privacy and cookies policies: these help you make the required disclosures under data protection, privacy and cookies laws
  • Website T&Cs: these help with other statutory disclosures, cover the rules for using the website, limit the liability of the website operator, and generally structure the legal relationships between operators and users.

Most websites should have both.

I'm setting up a web store with social networking type features. Should I use the social network template or the privacy and cookies policy for online shops?

Probably neither. I suggest you use the general privacy and cookies policy template. Both the social networking and online shop templates are adapted versions of that general template. The general template is more flexible than either, although at the cost of being more work to adapt.

Ask a question

Customers who bought this item also bought:

Related Products

Online shop pack